sslsd-logo

Troubleshooting: Unsupported Protocol – ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Not all browser related errors are associated with SSL Certificates. Many are due to server configurations that set up communication between the website/server to the clients browser. Different browsers will showcase errors differently. But ultimately the troubleshooting process regarding these errors are the same.

What is a Protocol or a Cipher?

Protocols and Cipher Suites are the actual communication language that performs encryption.
When the browser and the server/website communicate they are require to speak the same language. If a server is not configured to use the languages that the browser wants to use then both the browser and the server will not be able to communicate. This results in a communication failure.

Errors typically seen pertaining to protocols & ciphers:

Error: “ERR_SSL_VERSION_OR_CIPHER_MISMATCH”

Error: “Unsupported Protocol.”

Example:

Troubleshooting: Unsupported Protocol - ERR_SSL_VERSION_OR_CIPHER_MISMATCH

How to Troubleshoot?

Fixing this issue will vary depending on the server systems.  As the progression of technology moves on some ciphers/protocols become obsolete browsers like Firefox, Safari, edge, etc. get automatically updated, but the actual server systems responsible for hosting the website will more than likely require a manual update/configuration on which protocols/ciphers to use.

Basically network admins that have direct access to the server system or application in question needs to turn off the bad ciphers/protocols, and turn on the good ones. 

To figure out which Protocol/Cipher to use or that are causing the issues you can use an SSL checker. Qualys SSL Labs Server Test Checker tool is one of the best ones that you can come by on the net. It will perform a through scan of the URL you enter and give you a reading on the information that it has pulled.

Troubleshooting: SSL with Qualys SSL Labs – SSL Checker

Troubleshooting: Unsupported Protocol - ERR_SSL_VERSION_OR_CIPHER_MISMATCH

This SSL Checker is one of many publicly available on the internet that can help you diagnose problems that are associated with your server system. This checker will only be able to check websites that are publicly available to the net.

If you have a system that is not reachable to the public then you will have to manually figure out what protocols/ciphers are currently in use and do the needful.

Note:  You may need to contact your server hosting provider or server vendor in order to perform updates, how to turn off certain protocols, or set the proper configurations needed for a good rating.


At this time the following protocols and ciphers are safe to use. Browsers will typically pick the most secure protocol or cipher automatically to communicate to the server system. .

Protocol Support

TLS 1.2, TLS 1.1, TLS 1.0

SSL ciphers supported by the server

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA

Recent Posts

S/MIME for Outlook O365 Windows

Add to Favorites S/MIME Advantages of S/MIME Certificates S/MIME (Secure/Multipurpose Internet Mail Extensions) certificates offer several advantages when it comes to securing email communications. Here

Read More »

Abbreviations

Add to Favorites There are literally thousands of IT abbreviations out there. Many are concerned with the technical aspects of the computer, while others deal

Read More »

SSL Installation on Qmail

Add to Favorites SSL Installation on Qmail Qmail is a secure, reliable, efficient, simple message transfer agent. It is designed for typical Internet-connected UNIX hosts.

Read More »